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(57)Abstract: 

PURPOSE: To set the proper ciphering system by a transmitter and a receiver in 
a ciphering communication network. 

CONSTITUTION: A terminal 10 for communication is provided with ciphering 
devices 11 performing ciphering and decoding which are different in ciphering 
systems, a selection means 14 selecting one of the ciphering devices 11 and a 
key generation/selector 13 generating the ciphering key according to the 
selection. The ciphering system which is suitable for the communication is 
discussed, determined and selected with the terminal 10 for communication on 
an opposite side. Therefore, the ciphering system having the ciphering intensity 
according to the secrecy required for information to be communicated is set. 
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CLAIMS 



[Claim(s)] 



[Claim 1] Cryptocommunication equipment equipped with two or more means of 
communications which perform encryption of transmit data, and decode of 
reception encryption data, respectively, and communicate mutually, and a 
selection means to be formed in the above-mentioned means of 
communications, and to choose one of two or more of the cipher systems. 
[Claim 2] Cryptocommunication equipment [ equipped with a key generation 
means to generate the key corresponding to the cipher system which it was 
prepared in the above-mentioned means of communications, and the 
above-mentioned selection means chose ] according to claim 1. 
[Claim 3] Cryptocommunication equipment [ equipped with an updating means 
to make the key which is formed in the above-mentioned means of 
communications, and is generated with the above-mentioned key generation 
means at the time of encryption processing of the above-mentioned transmit 
data update at any time ] according to claim 2. 

[Claim 4] Cryptocommunication equipment [ equipped with a decision means to 
determine the cipher system which it is prepared in the above-mentioned means 
of communications, and the above-mentioned selection means chooses by 
communicating mutually ] according to claim 1. 

[Claim 5] Cryptocommunication equipment according to claim 2 characterized by 
using the algorithm of pseudo-random number generation safe in computational 



complexity as an algorithm used with the above-mentioned key generation 
means. 

[Claim 6] Cryptocommunication equipment according to claim 5 characterized by 
using a square mold pseudo-random number generation algorithm as the 
above-mentioned pseudo-random number generation algorithm safe in 
computational complexity. 

[Claim 7] It is data encryption equipment which is equipped with an encryption 
means to encipher information, using two or more cipher systems alternatively, 
and a mode assignment means to specify a mode of operation, and is 
characterized by the above-mentioned encryption means choosing a cipher 
system according to the specified mode. 

[Claim 8] It is data encryption equipment which is equipped with an encryption 
means to encipher information, using two or more cipher systems alternatively, 
and an assignment means to specify a security rank, and is characterized by the 
above-mentioned encryption means choosing a cipher system according to the 
specified security rank. 

[Claim 9] The cryptocommunication system which is a cryptocommunication 
system which enabled it to choose a cipher system, and is characterized by 
needing the consent by the side of the above-mentioned predetermined terminal 
unit when changing the cipher system specified by the predetermined terminal 



unit with other terminal units while communicating the data enciphered among 
two or more terminals on a network. 



DETAILED DESCRIPTION 

[Detailed Description of the Invention] 
[0001] 

[Industrial Application] This invention relates to the data encryption equipment 
used for the cryptocommunication equipment, the system, and it which 
communicate by enciphering data, in order to keep data secret. 
[0002] 

[Description of the Prior Art] In recent years, exchanging various information 
using this communication network is going to be realized with maintenance of 
the optical fiber network in a trunk communication network, the spread of cable 
television systems, utilization of a health communication link, the spread of local 
EARI networks, etc. In addition, it considers transmitting multimedia information, 
such as dynamic-image data, static-image data, voice data, and computer data, 
as the information. In such a communication network, it is important to transmit 
information to insurance and various codes are known as a means for it. 



Although those codes are roughly divided and it is classified into 2 cipher 
systems of a common key encryptosystem and public key encryption, various 
methods are considered to each classification. 

[0003] Drawing 14 shows a common key encryptosystem communication 
network, and drawing 15 shows a public-key-encryption communication network. 
Drawing 16 shows a common key and public-key-encryption network, and has 
composition which added the public-key-encryption communication network of 
drawing 15 to the common key encryptosystem communication network of 
drawing 14 . 

[0004] First, the cryptocommunication by the common key encryption system is 
described. In the common key encryptosystem communication network, as 
shown in drawing 14 , the proper and the secret key are beforehand shared 
among network subscribers. A, B, C, — , M show the subscriber of the network, 
KAB and KAC, the key that is sharing between subscriber A-B, respectively, 
the key currently shared between subscriber A-C, and --. Furthermore, each 
subscriber has the terminal for a communication link equipped with the data 
encryption equipment which enciphers according to the algorithm decided in the 
network as shown in drawing 17 (and decode). The following procedures 
perform the common key encryptosystem communication link to B from the 
conventional subscriber A. 



[0005] 1 . The secret key KAB currently beforehand shared with the transmission 
place B is used for A as a key of the data encryption equipment of this 
communication link, it enciphers correspondence with data encryption 
equipment, and transmits the enciphered thing to B. 

2. B uses the secret key KAB currently shared the transmitting agency A 
beforehand as a key of the data encryption equipment of this communication link, 
decodes the receiving sentence from A with data encryption equipment, and 
obtains correspondence. 

[0006] Next, the cryptocommunication by the public key cryptosystem is 
described. As shown in drawing 15 , each subscriber's public key is put up for 
the electronic bulletin board of a public-key-encryption communication network 
in the form where a subscriber's ID (identifier etc.) and correspondence can be 
taken. It sets to drawing 15 and they are Kp A, Kp B, --, Kp M about Subscribers' 
A, B, --, M public key. It is shown. Moreover, each subscriber holds secretly the 
private key corresponding to his own public key. It sets to drawing 15 and they 
are Ks A and Ks B about Subscribers' A, B, - M private key. Ks M It is shown. 
Furthermore, each subscriber has the terminal for a communication link 
equipped with the data encryption equipment which enciphers according to the 
algorithm decided in the network as shown in drawing 17 (and decode). The 
following procedures perform the public-key-encryption communication link to B 



from the conventional subscriber A. 

[0007] Open 1 .A of B is the public key Kp B of the transmission place B from the 
conventional subscriber A. It uses as a key of the data encryption equipment of 
this communication link, correspondence is enciphered with data encryption 
equipment, and the enciphered thing is transmitted to B. 

2. B is its own private key Kp B. It uses as a key of the data encryption 
equipment of this communication link, the receiving sentence from A is decoded 
with data encryption equipment, and correspondence is obtained. 
Cryptocommunication is performed by these procedures. 

[0008] Various methods are considered even if it restricts to the typical cipher 
system now known about the code technique which is a technique required in 
order to realize a reliable communication link, as stated above. Moreover, 
various modes used can be considered also with the same cipher system, and 
various cures are considered so that reinforcement may be further increased to 
decryption. 

[0009] Here, a DES code is briefly explained as a conventional cipher system. In 
the DES code, encryption and decode are carried out to a unit in a 64-bit data 
block, and the die length of a key is made into 56 bits (it is 64 bits when a 8-bit 
parity bit is added). Cryptographic algorithm is based on the transposition type 
and the substitution type, by repeating 16 steps of processings which combined 



such transposition and substitution suitably, stirred the bit pattern of a plaintext 
and has changed it into the cipher which semantics does not understand. When 
decoding, the original plaintext is restored by stirring conversely. 
[0010] This parameter of a way to stir is specified with a 56-bit key. The number 
of the candidates of a key is the 56th power (17th power of about 10) individual 
of 2, and if decode which a key is changed by a unit of 1 time, and checks it is 
performed to the pair of the cipher which round robin decoded that is, received, 
and a plaintext, supposing one check will take 500ns (processing speed of 
128Mbps), it will become this count about 1000 on the whole. 
[0011] In encryption processing of DES, transposition (initial transposition IP) is 
first performed to a 64-bit plaintext. This initial transposition is immobilization. 
After the output of this transposition processing passes through 16 steps of 
complicated encryption processings the middle, finally transposition (last 
transposition IP-1) is performed. This last transposition is also immobilization. 
[0012] 32 bits is divided into each right and left, and, for a left half, L0 and a right 
half are [ the data which are 64 bits to which initial transposition was performed ] 
R0. It becomes, this L0 R0 from — processing shown in drawing 18 over 16 steps 
is performed until it is set to L16 and R16. That is, they are Ln and Rn, 
respectively about 32 bits of the right and left when ending the n-th step of 
processing. They are Ln and Rn if it carries out. It is expressed with a degree 



type. 

[0013] Ln =Rn-1Rn =Ln-1 #f(Rn-1 ,Kn ) 

[0014] Here, # means the exclusive OR of mod2 for every bit, and is Kn. The 
48-bit key inputted into the n-th step, and Ln-1 Rn-1 The n-1st step of output and 
f are Rn-1 , respectively. Kn It is the function which uses and outputs 32-bit data. 
[0015] 

[Problem(s) to be Solved by the Invention] However, in the conventional 
cryptocommunication, it was not taken into consideration about adjustment 
whether to perform cryptocommunication using the method which used which 
cipher system and mode used by the transmitting side and the receiving side, 
and took what kind of measures to decryption. Therefore, when it had data 
encryption equipment which can perform two or more cipher systems by the 
transmitting person and the addressee, or when two or more modes used were 
able to be performed, detecting the common cipher system of performing 
cryptocommunication by adjusting among transceiver persons how or both, and 
performing cryptocommunication with the cipher system was not completed. 
[0016] Furthermore, according to the class of information to exchange, it was not 
taken into consideration about adjustment of arranging a cipher system by the 
transmitting side and the receiving side. It was not taken into consideration about 
adjusting the reinforcement of a code according to the class of information 



exchanged especially. For example, when the information to exchange was the 
high information on confidentiality, cryptocommunication with high safety was 
performed using the method coped with to decryption which was stated by the 
Prior art, and when the information to exchange was not the high information on 
confidentiality, mitigating the load of data encryption equipment was not 
completed by using the usual cipher system. There were the above problems in 
the conventional cryptocommunication. 

[0017] This invention was accomplished in order to solve the above-mentioned 
trouble, and it aims at obtaining the cryptocommunication equipment, the system, 
and data encryption equipment which can choose a cipher system. 
[0018] 

[Means for Solving the Problem] In invention of claim 1, encryption of transmit 
data and decode of reception encryption data were performed, respectively, and 
two or more means of communications which communicate mutually, and a 
selection means to be formed in the above-mentioned means of 
communications, and to choose one of two or more of the cipher systems are 
established. 

[0019] In invention of claim 7, it has an encryption means to encipher information, 
using two or more cipher systems alternatively, and a mode assignment means 
to specify a mode of operation, and the above-mentioned encryption means 



chooses a cipher system according to the specified mode. 
[0020] In invention of claim 8 f it has an encryption means to encipher information, 
using two or more cipher systems alternatively, and an assignment means to 
specify a security rank, and the above-mentioned encryption means chooses a 
cipher system according to the specified security rank. 

[0021] In invention of claim 9, while communicating the data enciphered among 
two or more terminals on a network, it is the cryptocommunication system which 
enabled it to choose a cipher system, and when changing the cipher system 
specified by the predetermined terminal unit with other terminal units, the 
consent by the side of the above-mentioned predetermined terminal unit is 
needed. 
[0022] 

[Function] While being able to set a cipher system as arbitration by establishing 
the selection means which can choose a cipher system as the means of 
communications which the transceiver person who performs 
cryptocommunication uses according to this invention, by sharing the set-up 
cipher system among transceiver persons in advance of transmission of a cipher, 
selection of the cipher system which was not conventionally taken into 
consideration is enabled, and cryptocommunication with a high degree of 
freedom is made possible. Moreover, selection of code reinforcement is also 



enabled. 
[0023] 

[Example] Although examples 1-8 are shown below, each example is realized 
from a viewpoint as shown below. 

[Example 1] A cipher system is set up out of two or more codes. 

[Example 2] A cipher system is set up out of a common key encryptosystem and 

public key encryption. 

[Example 3] A cipher system is set up out of two or more block ciphers. 
[Example 4] A cipher system is set up by preparing two or more f functions and 
choosing them to a DES mold code. 

[0024] [Example 5] A cipher system is set up out of the mode used to a block 
cipher. 

[Example 6] A cipher system is set up out of two or more cipher systems "which 
encipher while updating a key." 

[Example 7] A cipher system is set up to a block cipher out of the cipher system 
"which enciphers using the key of immobilization", and the cipher system "which 
enciphers while updating a key." 

[Example 8] Read-out of the internal variable of the key generation and the 
selecting arrangement of the cipher system "it enciphers while updating a key" is 
made possible. [ of an example 7 ] 



[0025] However, the essence of this invention is to have a means to choose so 
that a specific cipher system can be performed out of two or more cipher 
systems. Moreover, it is in having enabled it to choose the reinforcement of a 
code by it. Therefore, as two or more cipher systems chosen, it is not limited to 
the cipher system shown in the example. Although the Prior art also described, 
since many cipher systems by which the current proposal is made exist, it is 
difficult to show all those cipher systems in the example. Moreover, a cipher 
system which combined two or more cipher systems is also contained as a 
cipher system chosen by this invention. 

[0026] In [example 1] this example, as shown in drawing 1 , 
cryptocommunication is performed using the terminal 10 for a communication 
link equipped with two or more data encryption equipment 1 1 which enciphers 
(and decode), the communication interface 12, key generation and a selecting 
arrangement 13, and a selection means 14 to choose one from the outputs of 
two or more data encryption equipment 11. 

[0027] Each data encryption equipment 11 realizes processing of a cipher 
system different, respectively. At this example, it is - cipher system 1 and cipher 
system 2- as a cipher system. — It considers as t kinds of codes of the - cipher 
system t, and suppose that the processing is realized by data encryption 
equipment 1 , data encryption equipment 2, --, each data encryption equipment 



1 1 of data encryption equipment t, respectively. Furthermore, it can set up which 
data encryption equipment 11 is used with a cipher system setting signal. In 
addition, in the following explanation, the need is accepted in data encryption 
equipment 1 1 , and it is data encryption equipment 1 . — It shall be referred to as t. 
[0028] The selection means 14 is controlled by the cipher system setting signal, 
and can be chosen one from the outputs of two or more data encryption 
equipment 11. For example, what is necessary is just to set up the selection 
means 14 with a cipher system setting signal, to perform cipher processing of a 
cipher system 1 so that the output from data encryption equipment 1 may be 
chosen. What is necessary is just to set up the selection means 14 with a cipher 
system setting signal, to perform cipher processing of a cipher system 2 similarly 
so that the output from data encryption equipment 2 may be chosen. 
[0029] A communication interface 12 is a communication interface for receiving 
the transmitting sentence enciphered with the information which shows the 
cipher system from a communications partner, and data encryption equipment 
11 from a transmission line while transmitting the transmitting sentence 
enciphered with the information which shows a cipher system, and data 
encryption equipment 1 1 to a transmission line. 

[0030] Furthermore, generally, since the die length of a key differs for every 
cipher system, with the key generation and the selecting arrangement 13 which 



has key generation and a selecting arrangement 13 as a means to generate or 
choose the key corresponding to the cipher system chosen by the cipher system 
setting signal, the key corresponding to the cipher system chosen from one key 
with a certain die length is generated. Or the key with which only the number of 
cipher systems beforehand realizable [ with data encryption equipment ] 
corresponds is prepared, and the key corresponding to the selected cipher 
system is chosen. 

[0031] An example of the key generation and the selecting arrangement 13 by 
this invention is shown in drawing 2 . Key generation and a selecting 
arrangement 13 generate a key according to an algorithm as shown below. One 
key with a certain die length inputted into key generation and a selecting 
arrangement 13 is used as initial value (xO) with the following algorithms. 

xi+1 =f (xi) (i= 0, 1, --) (1) 

bi+1 =g (xi+1)(i= 0, 1,-) (2) 

[0032] Key generation and a selecting arrangement 13 consist of 
computing-element 13c which changes it into a key, when the output of die 
length required for the key corresponding to processing circuit 13a which 
performs the feedback operation of a formula (1), processing circuit 13b which 
performs the operation of a formula (2), and the cipher system chosen by the 
cipher system setting signal is taken out from the processing circuit 13b which 



calculates a formula (2), as shown in drawing 2 . 

[0033] b1, b2 f bi which are outputted in computing-element 13c from 
processing circuit 13b which calculates a formula (2) It performs changing into 
the key of the die length corresponding to the cipher system chosen by the 
cipher system setting signal. A key is the bit string of the die length defined with 
the algorithm of the selected cipher system, and is b1, and b2, --, bi by 
computing-element 13c. It is generated arranging as it is or by standing in a line 
and changing the sequence. 

[0034] Therefore, actuation of key generation and a selecting arrangement 13 is 
as follows. 

1. It is xO as initial value. It inputs into key generation and a selecting 
arrangement 13. 

2. By the formula (1), they are x1, x2, — , xi. It generates. 

3. x1 generated, x2, — , xi b1 obtained by receiving and performing a formula (2), 
and b2, --, bi It outputs. 

4. They are b1, and b2, --, bi by computing-element 13c. It outputs as a key 
corresponding to the cipher system chosen by the cipher system setting signal. 
[0035] Key generation and a selecting arrangement 13 generate a key with the 
die length corresponding to the cipher system which it was controlled by the 
cipher system setting signal how many times the operation of a formula (1) and a 



formula (2) is performed or the key of the die length of which is further outputted 
from computing-element 13c, and was chosen by that with the cipher system 
setting signal. 

[0036] Moreover, key generation and a selecting arrangement 13 can also be 
constituted like drawing 3 . Key generation and the selecting arrangement 13 of 
drawing 3 consist of t keys (k1 , and k2, — , kt) and 13d of key selection means. A 
key k1, and k2, --, kt It is inputted into 13d of key selection means, and either is 
chosen by the cipher system setting signal. A key with the die length 
corresponding to the cipher system chosen by the cipher system setting signal 
by this is chosen. 

[0037] The thing of drawing 14 is used as a cryptocommunication network which 
performs cryptocommunication using the above-mentioned terminal 10 for a 
communication link. Beforehand, a network manager etc. can realize sharing of 
a key, when the key sets up. Or it is realizable with a well-known key share 
method reference "a code and information SEKIRYUTI" (Tsujii, the Kasahara 
work, the 1990 issue, **** [ Co. ], Inc., 72-73, 97 to 104 term) As shown. 
[0038] Cryptocommunication from the subscriber A by this invention to B is 
performed by the following procedures. In the following explanation, it supposes 
that it is what is shown in drawing 2 as key generation and a selecting 
arrangement 13, and the key corresponding to the cipher system chosen from 



one key with a certain die length as mentioned above is generated. 
[0039] [The pre-procedure 1 of the cryptocommunication by this invention] 

1. The transmitting person A sends the information which shows a cipher system 
to Addressee B through a communication interface 12. 

2. Addressee B receives the information which shows the cipher system sent by 
the transmitting person A through the information communication interface 12, 
checks that the data encryption equipment 11 in the terminal 10 for a 
communication link which Addressee B uses can process with the cipher system, 
and tells the transmitting person A comprehension of initiation of 
cryptocommunication through a communication interface 12. When it is difficult 
to process with the cipher system, a possible cipher system is told to the 
transmitting person A through a communication interface 12. 

3. Repeat until agreement can perform the above-mentioned procedure about a 
cipher system among transceiver persons. 

[0040] Although the above-mentioned pre-procedure 1 showed the information 

which shows a cipher system from transmitting persons, being conversely 

shown from addressees as follows is also possible. 

[The pre-procedure 2 of the cryptocommunication by this invention] 

1. Addressee B sends the information which shows the cipher system when 

enciphering the demand and information on informational offer to the 



transmitting person A through a communication interface 12. 

2. The transmitting person A receives the information which shows a demand 
and cipher system of offer of the information sent by Addressee B through the 
information communication interface 12, checks that the data encryption 
equipment in the terminal 10 for a communication link which the transmitting 
person A uses can process with the cipher system, and tells Addressee B 
comprehension of initiation of cryptocommunication through a communication 
interface 12. When it is difficult to process with the cipher system, a possible 
cipher system is told to Addressee B through a communication interface 12. 

3. Repeat until agreement can perform the above-mentioned procedure about a 
cipher system among transceiver persons. 

[0041] The upper procedure is an effective procedure, when a transmitting 
person does not know the cipher system which can set up a receiving side, or 
when an addressee does not know the cipher system which can set up a 
transmitting side. When the transmitting person knows the cipher system which 
can be set up by the receiving side, or when the addressee knows the cipher 
system which can set up a transmitting side, it is possible to perform the 
above-mentioned procedure 1 and **** and to start the next 
cryptocommunication. 

[0042] Furthermore, in a cryptocommunication network which holds a key share 



method which exchanges cryptographic keys among transceiver persons in 
advance of cryptocommunication, it is possible in a key shared protocol to also 
share the information on a cipher system with the information for sharing of a key. 
In such a case, it is possible to skip the above-mentioned procedure and to start 
cryptocommunication. 

[0043] According to the procedures 1 and 2 before the above, a cipher system 
can be adjusted among transceiver persons. Moreover, it is not necessary to 
perform the procedures 1 and 2 before the above for every communication link 
each time. For example, it is unnecessary, when the cipher system is 
beforehand arranged among transceiver persons and the cipher system 
performs cryptocommunication. 

[0044] Hereafter, the following procedure is continued between the transmitting 
person A and Addressee B. 

[The cryptocommunication procedure of the data based on this invention (related 
with the transmitting person A)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedures 1 and 2 may be chosen by the cipher system 
setting signal. 

2. Set the secret key KAB currently beforehand shared with Addressee B as 
initial value as the key generation and the selecting arrangement 13 within the 



terminal 10 for a communication link, and generate the key corresponding to the 
cipher system chosen by the cipher system setting signal. The generated key is 
set as data encryption equipment 11. 

3. Encipher data with data encryption equipment 1 1 , choose the cipher outputted 
from the data encryption equipment 1 1 determined in the pre-procedure with the 
selection means 14, and transmit to B through a communication interface 12. 
[0045] [The cryptocommunication procedure of the data based on this invention 
(related with Addressee B)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedures 1 and 2 may be chosen by the cipher system 
setting signal. 

2. Set the secret key KAB currently beforehand shared with the transmitting 
person A as initial value as the key generation and the selecting arrangement 14 
within the terminal 10 for a communication link, and generate the key 
corresponding to the cipher system chosen by the cipher system setting signal. 
The generated key is set as data encryption equipment 1 1 . 

3. Receive encryption data from a transmission line through a communication 
interface 12, decode the encryption data sent from A with data encryption 
equipment 11, and choose the plaintext outputted from the data encryption 
equipment 1 1 determined in the pre-procedure with the selection means 14. 



[0046] Moreover, it is also possible to use the thing of drawing 3 as key 
generation and a selecting arrangement 13. In that case, the key shown in 
drawing 14 means what set two or more keys, that is, the key KAB2 when using 
the key KAB1 in case a cipher system 1 is used for the key KAB between 
Subscribers A and B, and a cipher system 2, --, the key KABt when using a 
cipher system t from it becomes. Cryptocommunication from the subscriber A 
by this invention in this case to B is performed by the following procedures. 
However, since it is the same as the above, the pre-procedures 1 and 2 are 
skipped. 

[0047] [The cryptocommunication procedure of the data based on this invention 
(related with the transmitting person A)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 
signal. 

2. the secret key KAB (it consists of KAB [1 ], KAB [2 ], KABt) currently 
beforehand shared with Addressee B - the key generation and the selecting 
arrangement 13 within the terminal 10 for a communication link setting up — a 
cipher system setting signal - two or more keys KAB1, KAB2, --, KABt from — 
the key corresponding to the selected cipher system is chosen. The selected key 
is set as data encryption equipment 1 1 . 



3. Encipher data with data encryption equipment 11, choose the cipher outputted 
from the data encryption equipment 11 determined in the pre-procedure with the 
selection means 14, and transmit to B through a communication interface 12. 
[0048] [The cryptocommunication procedure of the data based on this invention 
(related with Addressee B)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 
signal. 

2. the secret key KAB (it consists of KAB [1 ], KAB [2 ], --, KABt) currently 
beforehand shared with the transmitting person A -- the key generation and the 
selecting arrangement 13 within the terminal 10 for a communication link 
setting up — a cipher system setting signal -- two or more keys KAB1, KAB2, 
KABt from — the key corresponding to the selected cipher system is chosen. The 
selected key is set as data encryption equipment 1 1 . 

3. Receive encryption data from a transmission line through a communication 
interface 12', decode the encryption data sent from A with data encryption 
equipment 11, and choose the plaintext outputted from the data encryption 
equipment 11 determined in the pre-procedure with the selection means 14. 
[0049] Moreover, since confidential information, such as a key of each user 
required in order to carry out cryptocommunication, is stored, the subscriber of a 



cryptocommunication network may hold the pocket mold storage 30 as shown in 
drawing 4 , respectively. The confidential information of each user required in 
order to carry out cryptocommunication is stored in the pocket mold storage 30, 
and it is made a configuration which has the pocket mold storage 30 for every 
user independently [ the terminal 10 for a communication link ] in consideration 
of safety. Although the pocket mold storage 30 may be some terminals 10 for a 
communication link if a safe field is physically securable for every user, the 
terminal 10 for a communication link which can be used for cryptocommunication 
for every user in that case will be restricted. In separating the terminal 10 for a 
communication link, and the pocket mold storage 30, and making it not store 
each user's confidential information in the terminal 10 for a communication link, a 
user becomes possible [ exchanging the user's confidential information through 
its own pocket mold storage 30, and using it for cryptocommunication at every 
terminal 10 for a communication link, ], and is convenience. 
[0050] The pocket mold storage 30 can exchange information now through the 
above-mentioned terminal for a communication link, and a safe channel, and 
has a safe field as maintenance means 30a physically. It is only the owner of 
normal that the pocket mold storage 30 can be operated normally, and it judges 
whether you are the owner of normal in authentication procedure, such as a 
password. Moreover, the thing related to the owner of the pocket mold storage 



30 is held to maintenance means 30a among the above-mentioned share keys. 
The pocket mold storage 30 is realizable with an IC card etc. In all the examples 
2-8 explained below, it is the range of this invention also about the case where 
this pocket mold storage 30 is used. 

[0051] In [example 2] this example, cryptocommunication is performed using the 
terminal 10 for a communication link equipped with two or more data encryption 
equipment 15 and 16 which performs encryption (and decode) as shown in 
drawing 5 , the communication interface 12, key generation and a selecting 
arrangement 13, and a selection means 14 to choose one from the outputs of 
two or more data encryption equipment 15 and 16. 

[0052] At this example, it is a DES cipher system (or FEAL cipher system) 
considering a cipher system as a representative of 1 . common key encryption 
system. 

2. It shall consider as two kinds of cipher systems of RSA encryption technology 
(or EIGamal cryptosystem method) as a representative of a public key 
cryptosystem, and the processing shall be realized by DES data encryption 
equipment (or FEAL data encryption equipment) 15 and RSA data encryption 
equipment (or EIGamal cryptosystem equipment) 16, respectively. However, the 
DES code illustrated here, a FEAL code, RSA cryptograph, and an EIGamal 
cryptosystem were only mentioned as an example of representation of a 



common key encryptosystem or public key encryption, and this invention is not 
limited to these but can be applied to other cryptographic algorithms. 
[0053] What is necessary is just to choose the output from DES data encryption 
equipment 15 with the selection means 14, in using the terminal 10 for a 
communication link of drawing 5 with a DES cipher system. What is necessary is 
just to choose the output from RSA data encryption equipment 16 with the 
selection means 14, in using the terminal 10 for a communication link of drawing 
5 by RSA encryption technology. 

[0054] The same thing as an example 1 is used for key generation and a 
selecting arrangement 13, a communication interface 12, and the selection 
means 14. However, key generation and a selecting arrangement 13 choose the 
key corresponding to the cipher system chosen by the cipher system setting 
signal using what was shown in drawing 3 . That is, when the key beforehand 
distributed to DES codes when a DES cipher system is chosen is chosen and 
RSA encryption technology is chosen, the public key currently opened to RSA 
cryptograph is chosen. 

[0055] Moreover, in this example, the thing of drawing 16 is used as a 
cryptocommunication network. The common key of drawing 16 and the 
public-key-encryption communication network have composition in which 
drawing 15 carried out public-key-encryption communication network addition in 



the common key encryptosystem communication network of drawing 14 . 
[0056] Cryptocommunication from the subscriber A by this invention to B is 
performed by the following procedures. However, the pre-procedures 1 and 2 
are the same as that of an example 1 . 

[The cryptocommunication procedure of the data based on this invention (related 
with the transmitting person A)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 
signal. 

2. a cipher system setting signal — the common key KAB and public key Kp B 
from the key corresponding to the selected cipher system is chosen. The 
selected key is set as data encryption equipment 15 and 16. 

3. Encipher data with data encryption equipment 15 and 16, choose the cipher 
outputted from the data encryption equipment determined in the pre-procedure 
with the selection means 14, and transmit to B through a communication 
interface 12. 

[0057] [The cryptocommunication procedure of the data based on this invention 
(related with Addressee B)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 



signal. 

2. a cipher system setting signal -- the common key KAB and public key Ks B 
from — the key corresponding to the selected cipher system is chosen. The 
selected key is set as data encryption equipment 15 and 16. 

3. Receive encryption data from a transmission line through a communication 
interface 12, decode the encryption data sent from A with data encryption 
equipment, and choose the plaintext outputted from the data encryption 
equipment determined in the pre-procedure with the selection means 14. 
[0058] With this procedure, it can adjust about a cipher system among 
transceiver persons, and the safety of cryptocommunication can be chosen. 
That is, a cipher system can be chosen according to the confidentiality of data 
which transmits. For example, in the case of the high data of especially 
confidentiality, a public key cryptosystem is chosen, when that is not right, a 
common key encryption system is chosen and processing is simplified. What 
says can be performed. 

[0059] In [example 3] this example, cryptocommunication is performed using the 
terminal 10 for a communication link equipped with two or more data encryption 
equipment 17 and 18 which performs encryption (and decode) as shown in 
drawing 6 , the communication interface 12, key generation and a selecting 
arrangement 13, and a selection means 14 to choose one from the outputs of 



two or more data encryption equipment 17 and 18. 

[0060] At this example, it is a 1 .DES code as a cipher system. 

2. FEAL Code 

It shall consider as the block cipher of two kinds of **, and the processing shall 
be realized by DES data encryption equipment 17 and FEAL data encryption 
equipment 18, respectively. However, the DES code and FEAL code which were 
illustrated here were only mentioned as an example of representation of a 
common key encryptosystem, and this invention is not limited to these but can 
apply other cryptographic algorithms. 

[0061] What is necessary is just to always choose the output from DES data 
encryption equipment 17 with the selection means 14 to perform DES cipher 
processing using the terminal 10 for a communication link of drawing 6 . 
Moreover, what is necessary is just to always choose the output from FEAL data 
encryption equipment 18 with the selection means 14 to perform FEAL cipher 
processing. 

[0062] The same thing as an example 1 is used for key generation and a 
selecting arrangement 13, a communication interface 12, and the selection 
means 14. Moreover, the thing of drawing 14 is used as a cryptocommunication 
network which performs cryptocommunication using the above-mentioned 
terminal 10 for a communication link. And cryptocommunication from the 



subscriber A by this example to B is performed by the same procedure as an 
example 1 . 

[0063] In [example 4] this example, cryptocommunication is performed using the 
terminal 10 for a communication link equipped with the data encryption 
equipment 19 which performs encryption (and decode) as shown in drawing 7 , 
the communication interface 12, and key generation and a selecting 
arrangement 13. Moreover, the selection means 14 used in the old examples 1-3 
is included in data encryption equipment 19 by this example. 
[0064] In this example, a DES mold (in BORYUSHON mold) code is used as a 
cipher system. Two or more cipher systems can be set up by preparing two or 
more f functions which are the component, and choosing a certain f function 
from the inside. Since a DES mold code is an algorithm which repeats the same 
processing as mentioned above, it can perform repeat processing in the same 
circuit. For example, if it circuit-izes as one batch for one step of the DES code 
shown in drawing 18 , cipher processing is realizable by repeating and using the 
circuit. 

[0065] The data encryption equipment 19 in this case is constituted like drawing 
8 . The data encryption equipment 19 of drawing 8 consists of 19d of selection 
means to choose one from the output of Registers 19a and 19b, exclusive "or" 
circuit 1 9c, two or more f functions (f1 , and f2, - ft), and two or more f functions. 



19d of selection means is controlled by the cipher system setting signal. 
[0066] The configuration of two or more f functions is realizable by preparing the 
group of Sbox of the same number for example, as f function. In this case, f 
function f1 It receives and is S11, S12, --, S18. Sbox is used and it is the f 
function f2. What is necessary is to receive and just to make it call it — using 
Sbox of S21 , S22, --, S28. Moreover, f function f1 It receives, f function of a DES 
code is used, and it is the f function f2. It is realizable also by preparing f function 
of a completely different code like [ it receives and ] using f function of a FEAL 
code. 

[0067] It is possible to perform cryptocommunication with the same procedure as 
an example 1 using data encryption equipment 19 which was explained above. 
In addition, the same thing as an example 1 is used for key generation and a 
selecting arrangement 13, and a communication interface 12. This example also 
uses the thing of drawing 14 as a cryptocommunication network. This example 
can adjust a cipher system among transceiver persons. 

[0068] In [example 5] this example, cryptocommunication is performed using the 
terminal for a communication link of the same configuration as the terminal 10 for 
a communication link shown in drawing 7 . However, data encryption equipment 
20 as replaced with the data encryption equipment 19 of drawing 7 and shown in 
drawing 9 is used. Moreover, as for the selection means, this example is also 



contained in data encryption equipment 20. Moreover, since the bit length of a 

key does not change with a cipher system, key generation and a selecting 

arrangement 13 are not necessarily required of this example. 

[0069] By this example, a block cipher is considered as a cipher system. 

Furthermore, it shall set up with a cipher system setting signal by which of 1 .ECB 

(Electric Codebook) mode 2.CBC (Cipher Block Chaining) mode, using the block 

cipher. 

[0070] Although later mentioned about the CBC mode, it explains briefly also 
here. It is DK about EK and decode in the encryption set [ a plaintext ] Ci and 
initial value to IV for Mi and a cipher, and using the cryptographic key K. The 
CBC mode is expressed with a degree type when it carries out. 

C1 =EK (M1+IV) (3) 

Ci =EK (i(Mi+Ci-1) = 2, 3, -) (4) 

M1 =DK+(C1) IV (5) 

Mi =DK+(Ci) Ci-1 (i= 2, 3, --) (6) 

[0071] The data encryption equipment 20 in this case is constituted like drawing 
9 . The data encryption equipment 20 of drawing 9 consists of block cipher 
machine 20a, selection means 20b which chooses one side from two inputs, and 
exclusive "or" circuit 20c which performs EXCLUSIVE OR operation for every bit. 
Selection means 20b is controlled by the cipher system setting signal. 



[0072] What is necessary is to make all into the bit string of 0 as initial value IV to 
input, and just to always choose initial value IV in selection means 20b, in using 
this data encryption equipment 20 in ECB mode. Moreover, what is necessary is 
to set up the bit string of arbitration as initial value IV to input, to choose initial 
value IV, when enciphering an early block, and just to choose the output from 
data encryption equipment 20 in selection means 20b, henceforth, in using data 
encryption equipment 20 in the CBC mode. It is not necessary to make initial 
value IV secret among operators. 

[0073] It is possible to perform cryptocommunication with the same procedure as 
an example 1 using data encryption equipment 20 which was explained above. 
However, in a pre-procedure, when the CBC mode is chosen, the procedure of 
sharing initial value IV is needed. For example, before performing 
cryptocommunication, the procedure of transmitting initial value IV to B from A is 
needed. Since it is not necessary to make initial value IV secret among 
transceiver persons, it is not necessary to encipher. Moreover, not only the 
secret key KAB but the shared initial value IV must be set as the data encryption 
equipment 20 within the terminal 10 for a communication link. 
[0074] Key generation and the selecting arrangement 13 communication 
interface 12 use the same thing as an example 1. This example also uses the 
thing of drawing 14 as a cryptocommunication network. This example can adjust 



the mode used of a cipher system among transceiver persons. 
[0075] [Example 6] this example improves a cipher system based on an example 
1. In this example, cryptocommunication is performed as well as an example 1 
using the terminal 10 for a communication link shown in drawing 1 . 
[0076] The point that this example differs from an example 1 is as follows. 
Although two or more data encryption equipment 1 1 existed in the example 1 , 
the key to each data encryption equipment 1 1 is immobilization while performing 
cryptocommunication once. That is, during cryptocommunication, a key is not 
necessarily changed at any time, and the same key is used from the start of 
cryptocommunication to an end. In order to raise safety to decryption by the 3rd 
person by this example to it, a key is changed at any time during 
cryptocommunication. In order to update a key at any time during 
cryptocommunication, whenever the key of the die length corresponding to the 
cipher system as which under cryptocommunication performed key generation 
and was chosen by the cipher system setting signal is generated, the key of data 
encryption equipment 11 is updated with key generation and a selecting 
arrangement 13. However, it is necessary to perform renewal of a key by taking 
a synchronization by the transmitting person and addressee of 
cryptocommunication. 

[0077] Key generation and the selecting arrangement 13 of this example are 



also constituted like [ it is the same with the case of an example 1 , and ] drawing 
2 . However, in key generation and the selecting arrangement 13 of this example, 
whenever the key of the die length corresponding to the cipher system as which 
under cryptocommunication performed key generation and was chosen by the 
cipher system setting signal as mentioned above is generated, in order to 
perform updating the key of data encryption equipment 11, the case and 
actuation of an example 1 differ from each other. 

[0078] If the key of the die length corresponding to the cipher system chosen by 
the cipher system setting signal is generated, it is not necessary to operate the 
key generation and the selecting arrangement 13 in the case of an example 1 
more than it. It is necessary to generate the key of the die length corresponding 
to the cipher system chosen by the cipher system setting signal one after 
another to it with the key generation and the selecting arrangement 13 in this 
example. That is, the key generation and the selecting arrangement 13 in this 
example repeat repeatedly actuation of the key generation and the selecting 
arrangement 13 in the case of an example 1, and is performing it. 
[0079] Although especially the algorithm of key generation of the key generation 
and the selecting arrangement 13 used for this invention can use a general thing 
as not necessarily received a limit and shown in the example 1, when a 
pseudo-random number sequence generation algorithm safe in computational 



complexity is used as an algorithm of key generation, by this example, the case 
where a square mold pseudo-random number sequence is especially used also 
in it is explained. 

[0080] Square mold pseudo-random number sequences are the pseudo-random 
number sequence b1 generated in the following procedures, b2, and 
[Square mold pseudo-random number sequence] p and q are made into the 
prime factor which is p**q**3 (mod4), and they are initial value xO (1<x 0 < N-1 

integer) and a recursive type as N=p-q. xi+1 =xi 2 modN (i= 0, 1 and 2, — ) 

(7) 

bi =lsbj(i(xi) = 1,2, --) (8) 

The bit sequence b1 acquired as be alike, b2, and -- are called square mold 
pseudo-random number sequence. However, Isbj (xi) is xi. j bits of low order are 
expressed, and when the number of bits of N is set to n, it considers as j=0 (log2 
n). 

[0081] a square pseudo-random number sequence -- law - the judgment 
problem of the quadratic residue nature in N serves as a pseudo-random 
number sequence safe in computational complexity under assumption that it is 
difficult in computational complexity, in order to make a square pseudo-random 
number sufficiently safe -- the law of square operation expression (7) -- it is 
desirable to make number-of-bits n of N into about 512 bits, furthermore, Keys 



(initial value of key generation and a selecting arrangement) KAB and KAC and 
which are beforehand shared secretly among each subscriber — 1 — < KAB, 
KAC, and — < - it is referred to as N-1. 

[0082] The key generation and the selecting arrangement 13 using this square 
pseudo-random number sequence are shown in drawing 10 . Key generation 
and the selecting arrangement 13 of drawing 10 consist of 13f of processing 
circuits and 13g of arithmetic units which perform the operation of processing 
circuit 13e which performs the feedback operation of a formula (7), and a 
formula (8). Actuation of this key generation and selecting arrangement 13 is as 
follows. 

1. Initial value xO It inputs into key generation and a selecting arrangement 13. 

2. A formula (7) generates x1, x2, and --. 

3. To x1 generated, x2, and --, perform a formula (8) and output b1 obtained, b2, 
and --. 

4. Change b1, b2, and into the string key k1 of the key of the die length 
corresponding to the cipher system chosen by the cipher system setting signal, 
k2, and in 13g of computing elements. 

[0083] Drawing of the cryptocommunication in the case of updating a key at any 
time to drawing 11 is shown. A block cipher is considered as a cipher system. 
Setting to drawing 1 1 , for ku (u= 1 , 2, --, t), ku (u(Muv) = 1,2, --, t;v= 1 , 2, --, s) is 



[ Muv (u= 1, 2, --, t;v= 1, 2, «, s) / block / plaintext ] Key ku about the plaintext 
block Muv in the key of a block cipher. The cipher block enciphered and acquired 
is shown. Here, s blocks from Mu1 to Mus are the same keys ku. It is enciphered. 
The plaintext block of drawing 11 is enciphered by two or more cryptographic 
keys by using in order the key sequence k1 updated by above-mentioned key 
generation and selecting arrangement 13, k2, and — as a key of a block cipher. 
Thus, by updating a key at any time, the number of the plaintext blocks 
enciphered with the same key becomes s pieces, and can make analysis of a 
key difficult. In addition, this example also uses the thing of drawing 14 as a 
cryptocommunication network. 

[0084] Cryptocommunication from Subscriber A to B is performed by the 
following procedures. However, the pre-procedure is the same as that of an 
example 1. 

[The cryptocommunication procedure of the data based on this invention (related 
with the transmitting person A)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 
signal. 

2. Set the secret key KAB currently beforehand shared with Addressee B as 
initial value as the key generation and the selecting arrangement 13 within the 



terminal 10 for a communication link, and generate the string key corresponding 
to the cipher system chosen by the cipher system setting signal. 
3. It uses updating the string key outputted from key generation and a selecting 
arrangement 13 at any time as a key of data encryption equipment 11, encipher 
data, choose the cipher outputted from the data encryption equipment 11 
determined in the pre-procedure with the selection means 14, and transmit to B 
through a communication interface 12. 

[0085] [The cryptocommunication procedure of the data based on this invention 
(related with Addressee B)] 

1. Set up the selection means 14 so that the output from the cipher system 
determined in the pre-procedure may be chosen by the cipher system setting 
signal. 

2. Set the secret key KAB currently beforehand shared with the transmitting 
person A as initial value as the key generation and the selecting arrangement 13 
within the terminal 10 for a communication link, and generate the string key 
corresponding to the cipher system chosen by the cipher system setting signal. 

3. Encryption data are received from a transmission line through a 
communication interface 12, and use, updating the string key outputted from key 
generation and a selecting arrangement 13 at any time as a key of data 
encryption equipment 11, decode the sent encryption data, and choose the 



plaintext outputted from the data encryption equipment 11 determined in the 
pre-procedure with the selection means 14. 

[0086] Moreover, although the square mold pseudo-random number was used 
as an algorithm of pseudo-random number generation safe in computational 
complexity, anythings can be used if it is a pseudo-random number generation 
algorithm safe in computational complexity, for example, it is shown in said 
reference "a code and an information security" (Tsujii, the Kasahara work, the 
1990 issue, **** [ Co. ], Inc., 86 pages) — as — RSA cryptograph and dispersion 
-- the thing using a logarithm and an inverse number code can also be used for 
the algorithm of pseudo-random number generation of this invention. Moreover, 
the approach of updating the key explained by this example at any time is not 
only applicable to an example 1 but applicable to examples 3, 4, and 5, although 
explained based on the example 1. 

[0087] As for the [example 7] example 1, a key chooses a certain cipher system 
from the cipher systems (plurality) of immobilization, and an example 6 chooses 
a certain cipher system from the cipher systems (plurality) with which a key is 
updated. The key enables it to choose a cipher system by this example as a 
variation of the two above-mentioned examples 1 and 6 between the cipher 
systems with which the cipher system and key of immobilization are updated. 
Moreover, in this example, cryptocommunication is performed using the data 



encryption equipment 1 1 which performs encryption (and decode) as shown in 
drawing 12 , a communication interface 12, and the terminal 10 for a 
communication link equipped with key generation and a selecting arrangement 
13. Here, since explanation is easy, data encryption equipment 11 presupposes 
that it is one. 

[0088] By this example, a block cipher is considered as a cipher system. 
Furthermore, the block cipher is enciphered using the key of 1 . immobilization. 
2. Encipher, updating a key. 

It shall set up with a cipher system setting signal, using ******»s and others 
method. 

[0089] Key generation and a selecting arrangement 13 are controlled by the 
cipher system setting signal, and in using it with the cipher system "which 
enciphers using the key of immobilization", key generation and a selecting 
arrangement 13 will suspend processing, if a fixed key (one key) is generated. 
Moreover, in using it with" cipher system which enciphers while updating a key, it 
performs actuation of repeating processing and performing it in order that key 
generation and a selecting arrangement 13 may generate a string key (two or 
more keys). What is necessary is for a cipher system setting signal to generate a 
fixed key in key generation and a selecting arrangement 13, and just to encipher 
using the fixed key in data encryption equipment 1 1, in using the terminal 10 for 



a communication link of drawing 12 with the cipher system "which enciphers 
using the key of immobilization." Moreover, what is necessary is for a cipher 
system setting signal to generate a string key in key generation and a selecting 
arrangement 13, and just to encipher in data encryption equipment 11, updating 
a key one by one with the string key, in using the terminal 10 for a 
communication link of drawing 12 with the cipher system "which enciphers while 
updating a key." Key generation and a selecting arrangement 13 use what has 
actuation the same as an example 6 with the same configuration as drawing 2 . 
Data encryption equipment 11 and a communication interface 12 use the same 
thing as an example 1. Moreover, the thing of drawing 14 is used as a 
cryptocommunication network. 

[0090] Cryptocommunication from Subscriber A to B is performed by the same 
procedure as an example 1. However, when enciphering updating a key is 
chosen, the cryptocommunication procedure of data is performed by the same 
procedure as an example 6. 

[0091] By this example, it can adjust about a cipher system among transceiver 
persons, and the safety of cryptocommunication can be chosen. That is, a cipher 
system can be chosen according to the confidentiality of data which transmits. 
For example, in the case of the high data of especially confidentiality, it can 
perform choosing the cipher system "which enciphers while updating a key", 



choosing the cipher system "which enciphers using the key of immobilization", 
and simplifying processing, when that is not right. In addition, although data 
encryption equipment 1 1 was set to one in this example since explanation was 
easy, two or more data encryption equipment 11 may be used. In that case, the 
selection means 14 for choosing the output from two or more data encryption 
equipment 1 1 is needed. 

[0092] [Example 8] this example is the case where a little configuration of the key 
generation and the selecting arrangement 13 used in the examples 6 and 7 is 
changed. In the examples 6 and 7, since the key currently shared among each 
subscriber is immobilization, when a transceiver person is the same, the initial 
value of key generation and a selecting arrangement 13 turns into the always 
same value, and has the problem that the same string key is generated, also in 
the cipher system "which enciphers while updating a key." 
[0093] then, even when a transceiver person is the same, whenever he uses the 
initial value of key generation and a selecting arrangement 13, as he changes, 
he is trying to raise safety in this example 

[0094] xi+1 updated one after another by the feedback operation in the formula 
(7) and formula (8) which are the procedure of the string key generation shown 
in the example 6 It will be called the internal variable of key generation and a 
selecting arrangement 13. Key generation and the selecting arrangement 13 of 



this example consist of 13h of processing circuits which perform the feedback 
operation of a formula (7), processing circuit 13i which performs the operation of 
a formula (8), and computing-element 13j, as shown in drawing 13 , and it has 
composition which can read the internal variable further updated by the 
operation of a formula (7). The read internal variable is memorized by 
maintenance means 30a of the pocket mold storage 30 connected to the 
terminal 10 for a communication link which was explained in the example 1. 
[0095] Although migration of data is an one direction only by setting initial value 
to key generation and a selecting arrangement 13 in the examples 6 and 7, in 
this example, the internal variable of key generation and a selecting 
arrangement 13 can be read to hard flow. Replacement is performed to the 
common key which used the read internal variable for this cryptocommunication 
as a common key used for next cryptocommunication. 

[0096] Moreover, the terminal 10 for a communication link which can be changed 
whenever it uses the initial value of key generation and a selecting arrangement 
13 can be constituted by transposing this key generation and selecting 
arrangement 13 to key generation and the selecting arrangement 13 of drawing 
10 . 

[0097] Cryptocommunication from Subscriber A to B is performed by the 
procedure shown in the examples 6 and 7, and the same procedure. However, 



in the case of the cipher system "which enciphers while updating a key", the 
procedure, of "holding secretly as new initial value for carrying out 
cryptocommunication to A (or B) next time the value of the internal variable of a 
key generation and a selecting arrangement when decode of encryption data is 
completed to the maintenance means of pocket mold storage" to both 
transceiver person is needed at the end. 

[0098] Each above-mentioned example is constituted so that it may be based on 
the cipher system setting signal, it may shift and that cipher system may be used 
alternatively. A transmitting person may choose an above-mentioned cipher 
system setting signal as arbitration, and you may make it choose one of cipher 
systems automatically here according to the class of data transmitted. 
Furthermore, when a transmitting person specifies the security rank of 
transmitting contents, you may make it set up automatically the cipher system 
which has the reinforcement according to the specified security rank. Moreover, 
you may make it the above-mentioned cipher system setting signal change code 
reinforcement automatically according to the mode in which the communication 
link between the modes of operation A and B between the transmitting persons 
A and B, i.e., transmitting persons, holds for example, TV meeting, the mode in 
which a confidential communication link is performed, etc. Furthermore, those 
who communicate data may set up a setup of the above-mentioned cipher 



system preferentially, and may enable it to set it up to both the transmitting 
person freely. However, when weakening code reinforcement, it is desirable to 
perform the communication link which performs negotiation for needing the other 
party's consent and obtaining the consent. Furthermore, you may make it set up 
a cipher system according to the decode capacity of the other party. 
[0099] 

[Effect of the Invention] As explained above, by establishing the selection means 
which can choose a cipher system as the means of communications which the 
transceiver person who performs cryptocommunication uses, by enabling it to 
change a cipher system and sharing the selected cipher system among 
transceiver persons in advance of transmission of a cipher further, selection of 
the conventionally impossible cipher system is enabled and, according to this 
invention, cryptocommunication with a high degree of freedom is made possible. 



DESCRIPTION OF DRAWINGS 
[Brief Description of the Drawings] 

[Drawing 1] It is the block diagram of the terminal for a communication link by the 
examples 1 and 6 of this invention. 



[Drawing 2] It is the block diagram of the key generation and the selecting 
arrangement by the examples 1, 6, and 7 of this invention. 
[Drawing 3] It is the block diagram of other key generation and selecting 
arrangements by the example 1 of this invention. 

[Drawing 4] It is the block diagram of the pocket mold store by the examples 1-8 
of this invention. 

[Drawing 5] It is the block diagram of the terminal for a communication link by the 
example 2 of this invention. 

[Drawing 6] It is the block diagram of the terminal for a communication link by the 
example 3 of this invention. 

[Drawing 7] It is the block diagram of the terminal for a communication link by the 
example 4 of this invention. 

[Drawing 8] It is the block diagram of the data encryption equipment by the 
example 4 of this invention. 

[Drawing 9] It is the block diagram of the data encryption equipment by the 
example 5 of this invention. 

[Drawing 10] It is the block diagram of the key generation and the selecting 
arrangement using the square mold pseudo-random number by the example 6 
of this invention. 

[Drawing 11] It is a block diagram for explaining the cryptocommunication in the 



case of performing renewal of a key by the example 6 of this invention. 
[Drawing 12] It is the block diagram of the terminal for a communication link by 
the example 7 of this invention. 

[Drawing 13] It is the block diagram of the key generation and the selecting 
arrangement using the square mold pseudo-random number by the example 8 
of this invention. 

[Drawing 14] It is the block diagram of a common key encryptosystem 
communication network. 

[Drawing 15] It is the block diagram of a public-key-encryption communication 
network. 

[Drawing 16] It is the block diagram of a common key and public-key-encryption 
communication network. 

[Drawing 1 7] It is the block diagram of the conventional terminal for a 
communication link. 

[Drawing 18] It is the block diagram showing processing for one step of a DES 
code. 

[Description of Notations] 
10 Communication Terminal 
1 1-20 Data encryption equipment 
12 Communication Interface 



13 Key Generation and Selecting Arrangement 

14 Selection Means 
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(57) mm 

SBg^RtflTOT^Bf^gHl K Bg^SHl 1© 

i ■ozmmmm® 1 4 , ^©smcjsctr^© 



' 91 0 V A * ^ H I K- 



(2) 

1 

mm i ] ^tt^ngfix- 9<mm£&x&m 

mmzi ±fssmmctstifbtu ±tmm® 

a*«*fc»** i is«oBi^a{iSK 0 

c««*3] mmmmmiztis ±m^r- io 

mm 41 immmmmn, iisjiiR^a 

Bo 

m^ctmmttzmxmmmmmmu, 20 
5 c t mm t ?%mm 5 fEKoHg^imsBo 

SBWft-rsw^fk^af:, 30 
■b+ayrw^v^^iftrrsft^ai:**!*^ 

[BUR* 9] *yh7-f±otHWB*HTit^fk« 
tifcr-*©jI<i£fT5fcfc&fc> «f^ft75rS*a«L 

m&iDWfflHcX. 9ft£*nfci«fl^S*ffl©ii* 
81tJ:»)«Ht*»^fc:, ±e^©**«MI©* 

40 

[000 1] 

[gH±©fiJffl#^] *58WI4, r-**8H**fcJ& 
[0 00 2] 

[t£*©a«] iS^ «WifilHlcfett«3t7r>f^* 

£HB©£fflfL D-ij;l/X7U*7 hy-*<D%m 
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2 

> tr a - * r- *!?© v^f- ^ r 7tit § c 

fcbxa<r©i«^!Wo6nT^5o ^n&wttt^t 

[0 0 0 3] HI 4tt#a«**l«*vh7-*, 0 
1 5tt£MNHil^9 h7-***t. 01 6fi« 
MM, h7-***U 01 4©£1S 

8f*§HB*>v F7-*fc0 l 5©&Mftli9i9fil*'y b 
7 - * £ ft to L ft £ & o -a ^ o 
[0004] $?, «a»BS#»Sfc**i«fjiflk:o 
^TSB^S, &B««H§Hfc*yh7-$' , T?ti, 01 4 
fc^tiSfc, F7-^©*dA#P^T*@ 
t*^ttO|*MLT^5 0 A» B, C, Mtt 
*©*-y h7-^©ftlA#, K*b , K« , -tt^ft^ft 

«*«AfeafiffliS**i$oT^4o fi£*©ftnA#Afr 

[0 0 0 5] 1. Att, &6frU#£il?cB t£WLT 
^58»B©«Kii **fflfi©l6#Sli©«fcLTfflV>T 

*Bt2l#r5o 

2. B{ife?)A^46^fS7cAi:±tWLr^5$M©aK 
« **afi©HH«l©«4:UTffl^Tii(H*S«!:J:5 

A^6©sfltt:*a#u afl**i#*. 

[0 0 0 6] aM«l*##SfcJ:*l«^fflfco 

t^ra^*. 01 5KS-rj:aK, aiMMH3a«*y 
h 7-^©tt : F«sMsttt, m\%<o'tfmmx% 

©ID (^t5#) fc^^fctlS^Tf^StlT^io 
01 5fcJ3^T(i, *DA#A, B, M©^Ria«K 
p a , K p . , K p . T'^LTl^o $fc£ftlA# 

{* g»©^Hi«fc*»s t fciMHi*a«K«wts. 0 

1 5K*VTtt, JDA#A, B, M©^g|%K ! 
n©i)DA#«, 01 7fc^Sn**5ft, ^'Vh7-^ 

T-!*i66nfc7;i/rr«j xhMMrsxwyt (msm) 
©ta a# a *^ b ^(Dmw%nmmmT<DmT'fi 

[0 00 7] ^*©A0 At A 6 B ©4MS 

1. Att3MM$feB©i^aK p b **a^©m^gfi© 
«fcLTi^Tie^aniic«k»)aii**ii^ku ^© 
e^{ki/fcfc©*Btjjsfi-r*. 

2. Btt, g^M^K' . £#ffl<S©Bg*fgfi©8 



(3) 

3 

So 

[0008] &,±ms<rc£?ic, mxzmmzm. 

£.„ 10 
[0 0 0 9] CCX\ ®M<DVgm:&£LTDE S 

LTfctK cn&OSBt^ 
£lSfcli&£fc-ti/i:i!ia£ 1 S^^JItilfcfcJ; 

€3 Cite it), 7C<D¥££«7C-f5 0 20 
[0 0 10] C<Dfr%M&McCDA7*-**5 6tf-y 

h<omxm%.tZo mo>m<Dm2<D5 6% cm o 

xvttm^iZftot, lHI©f-x>y^t5 00 ns 
frfrZttZ t (12 8Mbps ©SQSiiS) , £WT* 

i o o o^jga*^§tt»t*§o 

[0 0 1 1 ] D E SOB^Mam 6 4 e<y h 

o¥itwLTtei ($#msii p) *m>ns 0 ci<d 
ip") tffibtiSo z<Dmnm$>®%x*&%o 

[0 0 12] SJ»jigBtffTfrnfc6 4 \£y h<»T-$ 
##Ro tftS 0 C©Lo tRo fr£L,6 fcR.sfcftS 

ST*i 6©tct>fc^T0i 8(c^-rsaa^frt«n?.o o 

ngg©$aa^7LfctfO£fe©3 2tr<yb 
^n^nL„ , R„ tt%t. L„ , R. liX£.X% 

[0 0 13] L„ =R^i 40 

Rn = Ln-l #f (RrH , Kn ) 

[0 0 14] CELT, #filf v 2CQgf« 
§ta&£lci*U K„ ttnggfcA*l£n5 4 8^7 h 
©S, L, tR r . tf^n^ftn- lggOHtfk f 
!iR,> K» 2 l£ 7 h<DT-Z*tiitlt5 

[00 15] 

[^W^L^^fTS^] LfrLfttfeN ft*<D 
{£ffl*-K£®fflU $fcBg^j8S^cflLTH<D«fc?ft 50 
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4 

mmcmixiz3§Mztix^%fr?rco zntctb, ma 
gtmgxmm^ttttmxzz^mm 

zoicLxmgmmx-mmfto c tia:>), 

CfctfTtftfrofc, 

[oo 1 6] set, jfostj-rsffiffliofflBfciSi; 

T, ^«fc^8lfcTii£#^*fl"5£fe#SftH0 
■MftHLTfi^liSnTlf^ft^ofc. #fc, JpOWt) 

jWMHtojfcM* «-e*n« fie*oa«-«as^fc J: a ft 

«lot»*e«1"5, fci^.fcSfteifctf'Ctftfro 

[o o 1 7] *jhhh:, immm&zmmzrctbic 

[0 0 l 8] 

[^s^d?at5fci6(D¥is] »*a i oawt^T 

Efflfll#gt»tt5tU *»0l«5fl^£© l 0*«R 
[0 0 l 9] »#«7 0ISBfci3^TH:, *ft©««ft 

^fk¥g(i, JB3£«nftt-KR:BCTii»{WS*a 

[0020] is*s8ofBBk:j3^Ta, mmmmt 

[0 0 2 l] SJ*S9©«Wfcfel/^TI4, ^7h7-f 

ttDmmxmx^itznrcT-zvmmfio 1 1 
fete Hf#fKra*ai?Lfi«j:5fcufeie^afis/^ 

[0 0 2 2] 



(4) 
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mch-c^io tit. ^mmmmKix^ 

So 

C00 2 3] 

So 

4 ] d e s m^ictt u mm f mmm 

[0 0 2 4] Blffi0lj5] 7P-y*Ht*§fc»U «JB 

BI«fi»J6] r«*M«fb&^6i©^fi:%fT?j &» 

o»if^*ao*!b»5m^ss*s£t*. 20 

[H»J8] i«7 0 r«*®&rLa:tf6HI#fk* 
[0 0 2 5] £f£L> #£W§©*Btt, «»0Ut#£S 

W&Mt%z.t\zh% a tit. ^mccfcoTBf^o^fi 
*ajRTt5±5ELfcci:ic**. fot, a*R2n 30 
mmm^ttt lxh, m,m*Litmir&k 

TOflw*SK"ov^T*»w^-r c t \mmx<&%* 
tit, aftow#*s*e*^*ft«fc5fti«#*s 

[0 0 2 6] [*fiS0J 1 ] ***WT»tt, 0 1 (C^t<k 

t. ifs^y^7x-xi 2 k, R&g-sftsiii 3 

t. mm^mwi 1 oato©**^ 1 ozmmz 40 

x,.. = f (x, ) (i =0, k ■ 
b..i =g (x,.i ) (i =0, K • 
[0 0 3 2] tt£jft-Sft£tll 3». H2fc*-fJ:$ 
fc, * (1) 07*-K/<y****fT5*yil§IBl 3 
at, * (2) O«JI*fT5ffll0Bl 3bk, Bg*§£ 

sktrntitfi. a (2) ©ing^fTafflaiHiKi 3 b* 
e^^nso 50 



[0 0 2 7] £4cDlf#gB 1 1 «, ^ft^ttS^Bf 
•«NWfjS2 

2 , WHSS t CD&B^gl 1 1 T**©ffla#*S 

«fr*HW*SRSfll^fcJ:»)RSTftS. iff, WT© 
ffg^SBl 1 ^^MtCfCCTBi^K 1 •- t 

[0 0 2 8] 1 4 tt, l&^fcSRS£ffl#fc<fco 

a: «kir\, H«tis^3EnS2 oie#«ia*fT^fcv^t 
ttm^^nsRS^K «fc o xmmm 1 4 ^nt^gB 2 

[0 0 2 9] jiM^>^7x-Xl 2tt, Blf^SS*^ 

tmtv&mmi ix^mtsnrcmm^tmrn^ 

Sft-f 5 fc*©iM-f y * 7 x -X T'feSo 

[0030] ££fc HRtcm^sastaogstts 
t^4^ • jhrsb 1 3 # &*, n^fig • mwm 1 3 

[00 3 1] E92(c*£HlcJ:Stt£j£ • S^SB 1 3 
■ l.3»cA*Sn***ft«*jfoioO««, ttTO 

•) (1) 

•) (2) 

[0 0 3 3] «H» 1 3 c Ttt, a (2) ©«J|%ffa 
ftfflBBl 3b*»6W**n*bi, bz , -n b. * 

7;UJUX^-pje«)&nftftJoey h^JT-fet). sis 
SI 3 ctioTWAtf b. , b 2 , b, **OS 
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[0034] • a^sn 1 3 mmm 

tic 

2. S (1) fC<fctK x. , xi , x. *3E.m 

5 0 

3. 4J«S*lfcxi , xa , x, tWLTS (2) 
**ffU ftStlfcbi ^ b2 , -\ b, *mtZo 

4. ttNSl 3cfcJ;!3b, , b 2 , b. 10 

[0035] • mmm 1 3 w^aRigfli 

^iaoT, a (1) airac (2) ©&g%«T? 

[0 0 3 6] tt£j£*Stt&ll 3ttH3CJ:3 
fc*«t*CfetBrtl1f**, H30«&S-»R«« 20 
i.3tttffl©« (k. , kz , k, ) £ftatt¥& 
1 3 d fc^6*di«n*o ttki , k* , k« ttft 

JRt*. 

[0 0 3 7] ±IEl<ifflffl* 1 0*Jfl^TBS<§iHI*fT 
5»Wa«*y h7-^i:LT«01 4©fe©*ffll^ 
5o *©8*«\ *6fri;«>*y h7-*©ff8#<SW 
»OR€LT*<Ci:lCj:oT3ltlSl"P#*o **W4, 30 
*K rnWfclMB-fe+'Jar-rj Gt#, ffliW, 19 
9 0£Hfi\ «a^ai8JHi:, 7 2-73, 97-10 

[0 0 3 8] *58Wti«*nA*A^6 B'vom^lft 

#$■1 3£LT«\ B2fcjjV*-fc©T**l:U ±IB 
©iSfc, ***S*»oio©«fr&aiRSftfcflH§ 

[0 0 3 9] [*^£<t:«l8^ft©tt¥JIl] 40 

1. w^*a*^***a«>f>*7x 

2. Bfi, a#gAfr5a&*lT*fc«»*5S* 

u gmzmmLx^zmmmi ofcfcsuw 

^l<M©P^7»*lfl^y*7x-7> 1 2*^bT 
*^LT3HB«AKeA*, 50 



«ffl!¥9-l 8 4 6 9 

8 

[0040] ±ia<DB(f¥)i 1 m «^*s**tiiMfi 

*a«#©*fr&*Lfcff, a»fc*©J:3fc3flMff©£ 
fc J: 5B§^a^<Dtu¥)i 2 ] 

1 . b it, mvmmm t *©it mt 

*^UT3MMSAt2S*. 

2. gffitAfi, 3fl#BfrS3S&ftT*fc1MR©«tt 
7. 1 2*ftLT£«U a#gAtff!lfflLTV*aflWfl 

1 0 \ch^^mmmm^^x-mx^ 5 c 
fc*»Bu ^a<i©pj&©7jg*a^>*7x- 

XI 2*ftLTS#f Bfc£*.*o ^OUS^SS-pfflffl 

3. m^m^mm^mj^mLx^mx' 
t* si?* oat. 

[0041] ±©¥«{4afflt#*»sflnioR3eBrj!6ftii(f 

x&%mmmwm*im%^ttmox^% 
[0042] s&fc % m^afitjfe4oT«««*asa 

flWWe&SrrSJ: 3 &®«W73i£*fT 5 J: 3 &Bgi§a 
T, «©^©fcfc©1**^«tel^5rS©1MRfc«S 

«*««LTiiwafli*iii»-r* c t*wtrc*;&3 0 
[0043] ±iEM¥)ii , 2t±ntf, m§mmx 

[*5eflfc«fe-5r-*©HWa«¥Ji (^#A(c^t 

5) ] 

1 . WjSrSRJgOTfc J: 0 , *9¥« 1 > 2 TftS Lfc 
«H»#=S*»6©ffl^»R*n*«J:5lca«?#ai 4% 

2. fe6A>i;ii)Sfll#Bi:ft*LT^«a»B©«K« * 

aiffl«* 1 0 rt©n^fi!c • mmm 1 3 fc«j^fiffc l 
t^£u n»*aiBgweaiR«ntefl»*afc» 

3. lKJ:»)r-^*«»fl:U 
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[00 4 5] [*5BPJIC £ 5 r- * ©Rf^il£¥JI (S 

1 . ^ttmmmc «t o , *bw i , 2 u^s Lfc 

2. &afrU#£©#Ak«£LT^§IB&©SK», £ 

1 0 rtoa^/s • mmm 1 4 tc^fik l ior 
xmu mJTffl&mT^ztiitmtticti 

3. »*§-fy*7x-*l 2£ftLT££Sgfr5>Ht*t{t: 

t-**£«u m^SHi iic«fct)A3^5jase.nT* 
[0046] s it. mzj&-wsmmi 3 1 ltei3© 

?B$©aK», , H&^S2*ffia^O«K« • 

58 Wfc ct 5 to A# AfrP> B ^©Hg^aMfi J-XT©¥I® T* 

[0 0 4 7] [*5HBlc £Sr-*©H|*§a<§?l® (3S 
WtAfcHtS) ] 

2. *5fri;B>§<B#Bfc£*fL , t^5lKB©»K 

» (Km, , K« , K«. A^flUSStlS) £3 
fBfflffi* 1 OrtOtl^JS • JMefi 1 3fcRj£U 

xmmmcx*), &&©8Ki» , k* , k 
XR*wtm&w&&* 1 1 fcassnso 

3. Rf^gfil HCfcDr-^WIfcU «R?®1 
4£J:9t<l¥JI-T?ftj£Lfc«Hf8ill lfrBJltfjSft* 

«H§x*as?u a«-ry*7x-*i 2*^ltbic 40 

[00 4 8] [*IHHfc «t 5 r - * ©Bf *§a#¥H (S 
fltBtH**) ] 

« (k«. , iu , k« *^*issn*) *a 

Mffli&i* 1 0rtO«£/S • SiRSB 1 3 fc»j£U 
#SR£M*UCJ:»), 8»©8Kiii , K«2 , K 50 
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» *«6aiRsnfeiii»*ak:»isufc«*aR-r«. 
awsnfc«ttiii^R 1 1 tdftgsns. 

3. »€-<y*7x-;U 2*ftLT£2a»fr6B#fc 
r-*£gffU m^SBl lfc«fc»)A*»52l6nTt 
fcBt^tr-^fcBHIU l*R?Sl 4£ c fc?)itu¥flIT' 

sn^bfcm^gBi 1 ft»&a**n5¥i*aiR-r*o 
[0049] atmrnm*? h7-*©inA#H:*n 
fft^affl-rsfcJ6{c*^*§a— *©»££©» 

«WB*tt*frrsfc«>K:, B4fc*Sft5<fc3fc*ffS! 
E*«H3 0*fiWl/tVTfcJ:i/\, 3 

aWftttsnr*?), s^tt^%i!braiifflS*i ot 
asijic&n— «f s(c«^aiEiiSB 3 0 ct 0 %m 

T'f 3&&$ffil!£1g£g3 0t±a©fflS* 1 0©-gB 

^fflT'tsa<ifflffi*i 0!b«^nTLS9 O a«ffl 

Jig* 1 0 kfltMEttSB3 0 fc*#*U afifflS* 

tX\ a-ifl4H©aMfflJB*i Ot-ta^OlflE 
USB 3 O^UT* ©a— 9*©IH6fl!«*^t) k 5 L 

[0050] mwimmw3 on, ismmittt 

ft±imm&*ft L Tit ^©^ •JUD^rff^.Scfc^tfi: 
oTfef), «fl!«lcg^ftiBtt*ffilf^a3 Oak LT 

*5©fiiBS©BTW#^tT*5x K^©BK 

fE©«Wa©a-6^©BIMH1iSfi3 0©frS#{c|« 
«tSt©*fiat^®3 0 afcftfcl/tVS. M 
ttgfi3 0(il C*-K^K«tt)lia^tS. ttTtIB 
Wt 5^T©HS£0IJ 2 ~ 8 tfe^T, C ©«MEHS 
B3 0^ffl^-5^{cMLTt*f§W©|gHT'fe5c 

[0051] [hji^j 2 ] ^mmmx-it, m 5 t^-r * 
a 4, si^t: (RaTO *fT5«a©m^8Hi 5, 
1 6 fc, mmy$7*-x i2t, m&s. • ss?sb 

1 3 lta©B|^SB 15,1 6©titfj©ffr5 1 o 

*an-r«aiR¥a 1 4t^fiK.fca#fflis*i o^ffl 
^TBf^aM^f^o 
[0052] *n»T-(i, m#»a* 

1 . mm^^tomt ltd e sn^&a «fc 

2 . mm^mimm t lx r s a bi^^s ($ fc 

(i E 1 G a m a 1 l#§£S) © 2 «S©B|^Sk L> 
^-n^tlD E SBg^SB (SfcliF E A LB|^gB) 1 
5 k, RS Affl^SB (SfcttE 1 Gama 1 Hg^g 
fi) 1 6kTf*©ffll3!^ISSftT^«t.©l:-r«o It 
f£U CCTW^LfeDE SBf^ FEALHg^, RS 
A«t#, E 1 Gama 1 B|#tt, «a^B|^«±l^ 



(7) 
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[0 0 5 3] H5©fflflMJtt*l 0*DESHH*#S"e 
ffiffltSWStett, 1 4 T'ttD E S H^SB 1 

fflig* 1 0£R S AH»*S-C«fflt*«^ttt, SIR 
¥8 1 4 T'ttR S ABg^gt 1 6fr60ffl**aRt* 

[0 0 5 4] ft&S-SR&Ill 3, l#>r>*7x- 
7.1 2, SK¥S1 4ti, 1 4:R|*OtO*ffl^ 

o%fflif\ ie§2n£R£ft#K±^Tatftifcifc*§#5£ 

fcWJ&rsttfcajR-rSo -oft), DESB^StfS 

5«*as?u r s Ang^^ji^n/c^i, rs 

ABg^fflfc^WttTt^lW^aiRlT-So 
[0 0 5 5] Sfc, *&HWm HtJ§afl*y h7- 

^fcl/CttHl 6©&©%ffl^3 0 HI 6©&aM, 1" 
h 7-*ttBI 1 4 ©«aflHf*fa<i* 

y Y U—> Km 1 5 ©&BMH&*!!©* y h 7-^ttto 

LfciJSfc&oT^So 20 
[0 0 5 6] *58lfifcJ:*i0A#A^6B'\OBI#afll 

tt, WT©¥HT*?rbft*o fc£U M¥JSl, 2tt* 

ttffji kEwefc*, 

[*JBflfc<k*r-*OHWlfll¥ll G8fl#AfcH* 

5) ] 

1. BS9*S»«fll#KJ:»), flEWTftSLfcl*** 
£fr6©fcWliR£ftS£?fcaiR?8l 4*Rj£* 

2. HHtfSSWIlCfc*), «a»KA, k&P*1®K P 

aRSftfc»iie*§s*i 5, i6tisis«nso 

3. Bg^SKl 5, 1 6Ei»)r-**lS#{kU MM 

suHi&a&u a^>^7x-xi 2^ltb 

[0 0 5 7] [*58W£«J:«7*-*OllHa^«l (S 

m bkm**) ] 

5o 40 

2. «*6raKffi£«*fcJ:»>, «1&K U kiMK 1 

3. l€-r>^7x-Xl 2*^LTfi3a»*»6llW{k 
[0 0 5 8] C©¥JHfc«J:»>, 2SSffl#BT?BH*at 

trusts c Rg*taf§©$£tt*afl?-r 

5Ck*«1?t*o -3$?), ^-r-Sr-^C^tttCjS 50 
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r-2©i§£fc{i, 4ffl!»*9^*aiRU 

[0059] mmm 3 ] m 6 tstn 

7, 1 8k, lffil'^7X-Xl 2 k, ms-tit-m®. 

m 1 3 k, mom** 17,1 8©m*©>f *»s 
1 -ozmmsmmm 1 4 ksrix-fcafflffis* 1 0 

[0 0 6 0] **»jT*(i, BI^SSkbT 

1. DESSt^ 

2. FEALBf^ 

©2©l©7'ny?Bi*§kU S-ft^tiDE SUf^SE 
17k, F E A LBg^gfi 1 8 tT'ZtDWmmt&tl 
SfeCfc-rS. fc/cL, CCTflW^LfcDE SBf^, F 

e a iwiammmoKmt Lzmncmx\ 

[00 6 1] 06©a«fflS*l 0%ffll/>TDE SB|^ 

«ia*fT^fc^«£i4, a^a 1 4 -eaurtD e sm 
9&m 7*»6©a**»R"r*j:5fctntf ^\ $ 
fc f e a Li«<wia*fT^fcv^tt, mmm 1 4 

TttHfK F E A LBg^f&B 1 8*»6©ffl**aJR"r*«l: 

[0062] m$Lf$.'Mmw\ 3, am^>^7x- 
712, as?¥gi 4(i, a«i kH«©t©*flai> 

Bt^a#*-y h7-^kLT{±01 4©fc©*ffll>*o 

Myi kHtt©#je-efft>ns, 
[0063] mm\ 4 ] *^«M?i4, 0 7 t^-r «t 
54, m#<k (rcto) m^nmmi 9 k, a® 

^y^7x-xi 2k, 8^-aWSBi 3k^ffix 

s-e©^t«!i~3TS^T^saj?¥ai 4 a, #n 

[0 0 6 4] **aSWT»li, Bt^Sk LTD E SH 

■e**fH»*afRffl«U *©*A»6**fBI»*a 

^t-SCkfcJ:^, «R©«H§#3*RJ£T»**, DE 

XAT*fe5©T% rauBB-eiioaLjaaifT^cktf 

RTS£T*&3o 0IJxtfl 1 8 K^ttlft D E S l£*f © 1 S 

^© i mm k t Tiassfb-rntf , * <omm o a 

[0 0 6 5] C©^©Bt^gBl 9«08©<fc^(C^ 
fig^n^o 08©^SB1 9 tt, 1 9 a, 1 

9 b k, P«ttJIfo[II8g 1 9 c k, gS© f B8& ( f 

. , ft , f. ) k, s»©fHa©a**»6io 
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*mtsm&& 1 9 d fcfrsnwtsn*. mm® 
[0066] mmfmmmm, ®mt fustR 

V®L<DS b o x©ffi£fflI?LT;!3< 
T"&5 0 C©«^tti, f iiSC f • fcJfl/TfiSn , S 
ii, Sn OSbox*fflV\ fBi&ft fcttLT 
fiSz. , S22 , -\ Szb OS b ox»\ tli^o 
iSfcttltifiK f ISStf • IcftLTttDE s 

e#©fHa*fflv\ fnaf« fcitL-oi f e a lbb 
n<Dfmm^\ insist, ^<a4*m# io 

© f HSfcfflfi* 5 C t \C i o T t HSiT't 5. 
[006 7] fiLtifflH Lfci 3 ftBg^gfi 1 9 fcffll^ 

t> mmm i ^iiii©^^ db^sm^t? c 

x-7. 1 2tt, *ffi0U fcll«©&©*ffl^3o 

[0068] cussm 5 ] n>mimm$, m i tattm * 

C, =E> (Mi + I V) 
C. =E> (Mi +C,-i ) ( i = 2, 
Mi =D> (C. ) + I V 
M, =D« (C, ) +C, (i =2, 
[0 0 7 1] <I©l^©Bi^gH2 O(i09©<t5tS 
$£tl3o 09©H!HfgB2OfJ, 7ny?8g*f§§2 0 

a t. z-o<Dxm^-i5^mmmmm2 o b 

Sg2 0 c fcfrS&So )ffiR¥l£2 0 btt, 

[0 0 7 2] C©a|^gtt2 0^ECB ; e-KT'^ffl-r 30 
5^C(i, X*t««lWfiI VfcLT^T0©lf>y h 

wfc u mm® 2 o bTWcMHtt i v£g^-r§ 
fiffl-rssa-fcti, A^-rsujwii vfctTttfioe 

[0073] «±kijj ufc i a «i&§£b 2 0 *jh^ 
t, mmm 1 1 ptto¥0t«k 0 sgmmm c t& 40 

* So tf , fgnmmn ? mic a a* b b nhjwi i 
v^iMffl«*i ort©Hi^gg2 ofcREUHttur 

[0 0 7 4] • SftSE 1 3fflM-rv^7x-X 

1 2tt£tt0!ll fcHUtO*ffl^*„ **jiCTT'fe, Bg 50 



* mm* 1 0 tm-m&mmn&mv 



%?T?o fcfcU E7©B|^SBl 9(cfUT09fc* 
$0!lT*feBf*§gB2 Ortt^tra^o tit. #HfitE 

• srse 1 3 m?L i>'jm-vte%\,\ 

[00 6 9] Bf9*Sfc LT7ny ^Bf 

1. ECB (Electric Codebook)^ 
— K 

2. CBC (Cipher Block Chaini 
n g ) K 

© 25 6 -eteffl-T 3:W8#£iSS£#*§fc: <fc D S£T*t 
5t©fr5o 

[0 0 7 0] CBC^KfcO^TIiffiStSA^ CC 
TffefB*lC|llBLT*<. ¥**M. , H^ti&C. , 

^*Di fc-rsfcCBCt-Ftt^-easns. 

(3) 

3. • •) (4) 

(5) 

3, •••) (6) 

*fil«*'y y-V-ttLTlZmi 4©fe©£ffl^3„ * 

[0075] imm 6 ] 1 ks-j 

asw 1 k ^ 1; < , 01 t^taiiffl«* 1 0 m^Tsg 
[0076] *$ffim$&6.mi tmzmmTvm 

OTfeSo III 1 T'fiBt^SB 1 ltttiaSfcLfc 

6»t>t)S-p^-oai*ffl^s. znicttLT*mmm 

#sbi i©i!©MSf*fT^c fc^u mvma^ 
ms<osm^ t %m t -emm* tixvio mw& 

[0 0 7 7] **S£0IJ©H£fig • 3HRSB 1 3 fc, 
CTl©#&kl^i;<02©<J;^{c^$n5o fc/fU 
• mwm 1 3 T-«±a© i o « 

gli i©a©Mir^-r5, fcv^cfc*fT5fcft, n 
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[0078] mm i o*&Dm&& • mmm 1 3 

k *nfc»LT**»«i-co«sjs • mmm 1 3 t- 

fts©«*&4fc£jaw-*<fcBtf**. 
w-eoaaa • mmm 1 3 a, n»j 1 ©*§£©&£ 

ft-Stt&ll 3©»ft*ffiSfe«DigLfro"aS5. 
[00 7 9] *ISBfcffll^«4* • SiRSB 1 3 ©8 10 

4JS07;I/JUXA«, 1#Ji:»JB%Stt*iR-ettft<» * 
x w = x i modN (i=0> 1 
bi = 1 s bj (x, ) (1 = K 2 

fc±o-a#sft*tfy M&jijbi , b 2 , -*2mm. 

MSd&lk^So ffiU I s bj (xi ) fix i ©T 
ffiJlfyh*at3U N©tT-y hS^ntLfcfcf j = 

0 (1 ogz n) fcfSo 

[0081] zmmmmwt, mmzm^w-tm 
m<Dmmmmmmmmx&zt<Dm<Di : x 
mwHk&kitM®jB9ffltit&<, 2 mmm 20 

■W&kKtQttZlttbs 2%m£ (7) ©)£N© 
e«yh»n*5 1 2e<y h8*i:**c fctfSSU^ 

1 • liRgB©!^) Kab > K« , -tt, 1 
<K« s K*c , -<N- 1 ttZ, 

[0 0 8 2] C0 2*WHaJ9RW*ffl^ft«ftl«'a 

mm 1 3 «0 1 0 fcj^sn*. 0 1 0 mm • »r 

SBl 3fiS (7) 07^-K/Vy*S»*ff5»aB 

Bl 3efcS (8) ©iag^ff^Jaaiiimi 3 f fciSiS 
SB 1 3 g k*^ttl««ti5. C©«££ • SlRgfi 1 30 
3©ftff{4fi(TO±3fi:ftSo 

1. fflfixo • 3K8fi 1 3 KA^tSo 
x 2 , 

-fcftU a (8) &Mfi 

k. , k 2 , -icaaftts. 

[0 0 8 3] Bl l fc«*lfflSEif*«»£©Wra!fll 

l Ucfel/>T, Mot (u=K 2, -s t ; v=l, 

2, •••> s) tt^i^ny**, k. (u=l, 2, 
t) tt7nry k. (M. ) (u = 

K 2, -\ t ; v= K 2, s) B^Rt/ov* 

L,TV3 0 CCT% M„ fr?>M» ST*© s fl©7n-y ? 

8Bl 3fc±:3TMirS*UMB6JUk. > k 2 , -*Ji 
kl^ny^e^cakLTffl^SClfcKJ:*), 01 1© 



2. ^ (7) tJ:5, x, 

3. £$£nfcx, , x 2 
U tlStlfcb, , b 2 , 

4. ft£8§l 3 gT'ttb. 



ffli^fc»£, »K*©*7t23Rl!WHa»»3»J*ffl^ 
[0 0 8 0] 29&Stt(a.ft$$lJ£& MT©¥HT?£ 

ja*n*!»Ha»3R5>jb. > b 2 , --eft*. 

[2SRSH»tta»3R5>J] p, q£p=q=3 (mod 
4) U N = p • qfcLT, ttftftx 

o (i<xo <n- \*mw) tmns. 



. 2, -) (7) 

. -) (8) 

<D£?mmzmmz>z tic**) , ^mx^mt 

hU-ttLTimi 4©t>©*JB^So 

[0 0 8 4] inA#Afr5B'\©fcJtafttt, «T©^ 

t*f8Wfc«k«r-*©WH§affl#W GS«*AfclB* 

5) ] 

1. ««*s»gffl^tj:5, mmv&mLttmis 
3frB<Dm&m9i2ti&*5Kmm&i 4*Btt 

2. *6fri;i6Sfi#Bi:«*LT^5«aB©«Kii * 

aftfflffi* i o rt©ii^^ • g*RSS 1 3 l 
tutu m^»ss£«#-ea««nfc©#*!SK» 

3. g£j£-sft£Bi 3frzmznz>mm^m 
m 1 1 <omt LxmrnML-D-Dm^T-^^t 

2*^LTBfc3asei-*o 

[008 5] [*3B9!tc =t 5 r- ^©Bl^affl^ll (S 

1. HW*SRSfi^KJ:»), W¥M-eftSLfc«HI# 
Sfr6©W*tf»R£ft*«k$fc»R¥ai 4*BB£t 

2. *6*^i;»aMI#Af:«WLT^*a«©«Kii * 

afifflis* i o ^©gi^fig • mmm 1 3 tc«iHM& l 

3. a«-ry*7x-Xl 2£ftLT£&SSfr5>Bi*fffc 

T-**s«u tt^js-a^Bi 3^6tH**n* 

[0 0 8 6] S/c, IH?l«»c^4B<HaS&S©7 
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)i^)XLtLX2mmmmm>fct)\ mm 

fclMS-MraUrYJ (lt#» fflB* 1 9 90^51 
fi, 1*S#aiB!Bl, 8 6H) fcSStiT^SiSfc. 

tit. *mm-emwLmmmmtfit%m&. m 
mm i icm~3^TmwLfct>\ %mm 1 icmmzzn 

[0087] mmm i ] mmm 1 aaaes©©*!*- 

Aft»fllffl*lll*l 0*ffl^T«*Bfll*ff3o CCT 20 

[0 0 8 8] ***«!|T?I4, Bg^StbT^n-y^Bg 
%#A*o *©7*ny*HH*, 

1. H£0«*JB^TI»9fl:*fT3. 

2. «*SffU4^6«»ft*fTa. 

[008 9] ft£j£ • 1 3 tt«W#3IStefl» 

KJoTSWPStU rH£««*fflt^T^fl:*ff9j 30 

HHans-eteffl* sssica, • iiiRgfl i 3 a 
ssa ( i o©n) *^*ftfcnag*fM:-r*o $ 

*«^ttt, • gftfSB 1 3 (&ft<Dg) 

do 01 2oafBfflS*i o* rHS©«%fflt^Tie# 
ft*ff3j BgH§£S7«ffl-rs«££i:i\ morass 
mic x *>mj&. • mum 1 3 vttmjmit&ifrz 

*fttf«fct\, Sft, H 1 2<Dil{Bffliig* 1 0£ TOM 40 

tt, *^F3»£fi#fcJ: • SIRS® 1 3T-« 

J: 5 fcU %mwi n»tt*©«*Jfc 

is?&s 1 3 »h 2 i: m tmT'Mtmmi etmu 

tt**WlfcHi;fc©*ffi(#V&o BWafil*yh 
V-ttLTimi 4©fc©*ffl^«. 
[0 0 9 0] jpA#A^6 B^©l«aflM\ ^S&flJ 1 
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^fb^tT 5 c t &a*R t (i, r- * mwm 

[0 0 9 1 3 2HM#IB-e«»#Slc 

T-*©t§£t&, mzmLKtf^mmioi 
Bj©iis*©fca, sg^sBi lttioktfc*', ji$© 

Bf^SBl l*I^TtiK *©«£fctt, S&©R| 

^sb 1 1 *»5©aA*aiR-r*fc«>«ffliR¥a 1 4 # 
[0092] mmm 8 ] *£ffi<H& mmm q , 7 -e 

/B^fc«£dt • S^SB 1 3 0«^'>LSx.fc«^T' 

ksbi 3©*jffltttttfc:Bii;iti:4t), mvmm. 

[0093] ?Lt««Bi, assflw^rac-pt 
mm • s^sb 1 3o*MBfi*fijfflt*Sfc«Ht* 

[0 0 9 4] **W6K^«tlfc»IJft<«0¥IIT»* 
a (7) , a (8) ic*^t, 7-f-F/Vy^}(dlK:«k 

\3lts mi 3t^Stl*J:3fc:S (7) 07-f-K/< 

•y*isa?*ff5»aiiei 3 hta (8) ©ag*ff3 
team^i 3 i t. m^i 3 j tfrzmf&ztu 

Hffi^J 1 TittW Lfc «t 3 ^ffiftffliS* 1 0 fc&l^nfc 
«»SE11«B3 0Ofii^a3 0 atsEtt^nSo 

[0095] %mm 6, 7 Ttt, • ss?sb 1 3 
rta@0Rtt. &@©i«^fflgicffl^5ft*8aafcL 

[0 0 9 6] Sfc, COft£f£«a9^KBl 3«B1.0 
<0tt£j£ • «RSiB 1 3tl*«A*ci:t«I:»), 14 
fig-l^SBl 3©*!Htt*«ffl"f**fcSfflT**a 

[0 0 9 7] JnAtA^BB^OBWafllH:, JfeKm 
6, 7T»iStft#ai:BI*0¥JR'effWa*. ft^U 
r«*Kfft**«6BWft*ffoJ flW#SO»6fc 
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[0098] ±&©&£jfiWtt, m#*a»^fi#ics 

5*-FS, fcJSUTai(i«fclS33&fi*a*.SJ:3fc 
i&fcRSUWiSfcLTfcJ:^,, fib, Hf^3Sil8£ 

a<t*«^fctt, fi^sosigSjMifcL, tmm 20 

[009 9] 

D, «*^FBr*6T?*r3 fclM*S<03MR*nrft6fc: S 30 
4*©K^l»*Bfll*nri!llc LTV* 0 
[0S©ffiW&tHl«] 

[0 1 ] 1 , 6 (cj:5aflffl4S*(D7n 

[0 2 ] *£«4)£ffi<*| K 6 , 7 tcj: 3ft4$ • 

[03] #?gf!©3M i KsamamazjiL • i^se* 
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[0 4 ] *mn<»-mm \ ~ 8 1 «t sst^iMSB© 

7"n-y*0T*fc5o 

[05] *5BBOlli6W2K«fe5iieffl«l*0^oy* 

0T*&5 O 

[06] *5aBO^flfW3(c«k«afifflS*©ra>y^ 

0T*£5 O 

[07] *5^©£^4fcJ:*a^ffl«*©7*nv* 

0T'fe5c 

[08] *5SHOlUt»l4lCi*H|9S«07ay*H 

"CifcSo 

[0 9 ] #fgH£©^j5fS0J 5 fC =fc 3 @ ^fgfi©7n -y * 0 

[010] *8H©&ffl0!i 6 k & « 2 mm&mm 
[0ii] *8g©&ffi0ti 6 iz&mmmmi§$<o 

[012] *!§WcD||Si60lj7(Cj;§imffl«*<D'7*a>y 
*0T*&5o 

[013] *89§<D$tt0!l 8 K J: 6 2 ftSMa&fcffl 
l^fc«£j* • S«SfiO^n<y^0T'fe5, 
[014] «a«fl6Wa«*y h 7-^0**81?* 

5o 

[015] 4»B«««afll*yh7-^0«<aHT« 

So 

[016] mm, 'j*mw&mm*y Yv-wm®. 
[017] mw®mi&*<Dfuv mx&Zo 

[018] D E S 8f *§© 1 a#0jaa*iS*7n -y *0 
10 IMS* 

ii~2o 

1 2 a#^>^7x-X 
1 3 • StRgfi 

1 4 SS^g 
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13d 
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[01 3] 



13 



;i3h 



kh-i ■ xj 2 mod N 



ftSStt 



bwi = lsbi(xwi) 
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